Understanding ransomware attacks is the first step in being able to prevent them from successfully targeting an organization. To prevent ransomware attacks, organizations must have strong security protocols in place such as performing regular system backups and training employees to avoid social engineering scams, among other measures.
Continue reading to learn more about ransomware attacks and what organizations can do to stay protected against this type of attack.
What is a Ransomware Attack?
Ransomware is a type of malware that encrypts a device’s files and locks users out of the system until a ransom is paid to the cybercriminal. When the ransom is paid, the cybercriminal promises they’ll give the victim what they need to decrypt their files so they can access them again; however, it’s important to note that attackers don’t always follow through with their promises. Some attackers will go as far as posting or selling the sensitive data they stole on the dark web, even after a ransom is paid. Paying a ransom isn’t a guarantee that an organization’s data will be safe.
Why Are Ransomware Attacks on the Rise?
Ransomware attacks have become increasingly common for many reasons including the following:
- They require little technical expertise to launch. Less technically sophisticated attackers can even purchase Ransomware-as-a-Service (RaaS) packages on dark web forums.
- Unlike data breaches, where cybercriminals must first steal data and then find willing buyers, ransomware paydays are almost immediate.
- Many victims still choose to pay the ransom. In 2022, ransomware attackers extorted at least $456.8 million from targeted victims.
The Cost of Ransomware Attacks
The financial toll from ransomware attacks is rising. On average, the cost of a ransomware attack is $4.54 million. In addition to direct costs, such as ransom payments and repairs to damaged systems, organizations face significant indirect costs from having to scale back operations or temporarily close while repairs are made. The average downtime from a ransomware attack is 9 days; however, some organizations do not survive ransomware and are forced to shut down permanently.
While cyber insurance can cover some of these costs, organizations cannot depend on cyber policies to make them whole after a ransomware attack. The typical cyber insurance policy does not cover regulatory fines for violating compliance mandates such as the PCI Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA); attacks involving malicious insiders, including disgruntled employees, ex-employees, and third-party vendors; the financial impact of reputational damage; or all of an organization’s losses from downtime.
If an organization must shut down for an extended period of time, or if digital Intellectual Property (IP) is breached during the attack, organizations can suffer irreversible damage.
The emerging threat of double extortion
Double extortion, also known as “name and shame,” is when cybercriminals don’t just encrypt a victim’s data, they also steal it, then threaten to publicly release or sell it on the dark web if the ransom is not paid. Double extortion effectively transforms ransomware attacks into data breaches.
SMBs and Municipal Governments Are at High Risk of Ransomware
When ransomware first emerged, victims were usually very large enterprises. The reasoning was that these victims had deep enough pockets to pay ransom demands. However, large companies could also afford to harden their security defenses to prevent future attacks. Hindered by the comprehensive cybersecurity defenses at larger enterprises, cybercriminals turned their attention to Small and Medium-sized Businesses (SMBs), as well as state and municipal governments that cannot afford to put the same level of cybersecurity defenses in place.
This is not to say that large enterprises are immune from ransomware attacks. The first quarter of 2023 saw a series of attacks on major corporations, including but not limited to Dole Food Company and Dish Network.
Should Organizations Pay Ransoms?
Whether or not an organization should pay a ransom is a matter of great debate, even among cybersecurity professionals. Cyber insurers often encourage victims to pay ransoms since most policies cover ransom payments. Some security professionals argue that ransom costs are generally lower than data recovery costs, especially for SMBs that cannot afford extended downtime. At healthcare facilities and government agencies, downtime could put human health and lives at risk.
Other security professionals, as well as most law enforcement agencies, argue that paying ransoms only encourages future attacks and that paying does not guarantee restoration. Additionally, in double extortion cases, cybercriminals still have possession of the stolen data. Regardless of their promises to destroy the data after receiving a ransom, they may still sell it, publicize it, or use it as a starting point for future attacks, such as Business Email Compromise (BEC).
With so much at risk, the optimal solution is to prevent ransomware attacks from happening in the first place.
How to Prevent Ransomware Attacks
Antivirus software and most Identity and Access Management (IAM) systems do little to protect organizations from ransomware. Ransomware defense requires a multi-pronged, proactive approach.
Here are a few measures organizations should take to prevent ransomware attacks.
Perform regular system backups
Regular system backups are essential, not only to recover data after a ransomware incident or another cyber attack, but also after catastrophic system outages and damage to hardware.
Train employees to avoid social engineering scams
Since many ransomware attempts are delivered in phishing emails, training employees to avoid phishing and other social engineering scams is a critical step toward preventing ransomware attacks. However, it is not a silver bullet, as brute-force attacks have surpassed phishing to become the most common method of delivering ransomware.
Brute-force attacks use trial-and-error methods to guess login credentials and other sensitive information. This type of attack is even more successful if employees reuse passwords across multiple accounts, use weak passwords or share passwords insecurely with coworkers.
Secure employees’ passwords
Weak and compromised passwords are the biggest threat to organizational cybersecurity, and they fuel the brute-force attacks that are the most common ransomware delivery method. In fact, poor employee password habits are behind the overwhelming majority of data breaches.
In a brute-force attack, cybercriminals obtain a list of passwords stolen during a data breach, then attempt to use them to compromise servers and endpoints, usually with the aid of bots. Because so many people use weak, common, and easily guessed passwords, and reuse passwords across multiple accounts, these attacks are very successful.
Brute-force attacks can be prevented by mandating that employees use strong, unique passwords for all accounts, use Multi-Factor Authentication (MFA) on all accounts that support it, and use a password manager. A password manager is a tool that can aid employees in generating passwords while keeping them secure in an encrypted password vault. With a password management solution, there’s no need to worry about employees reusing passwords or using weak passwords.
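The trial-and-error login attempts described above leave a recognizable trace in authentication logs: bursts of failures from one source, either against many accounts (spraying with a breached password list) or against a single account, sometimes followed by a success. The following script is an added example, not code from the article or from Keeper; it runs a sliding-window detector over a constructed log format (`<timestamp> <FAIL|OK> user=<name> src=<ip>`) with constructed sample lines, and flags the pattern and whether a success followed the burst.

```python
"""Detect password-guessing bursts in authentication logs.

Added example (not from the original article): sliding-window detection of
brute-force / credential-stuffing activity. The log format and all sample
lines below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source sprays five accounts and then logs in,
# one user mistypes twice, and one source hammers a single admin account.
SAMPLE_LOG = """\
2024-03-01T09:00:01 FAIL user=alice src=203.0.113.5
2024-03-01T09:00:02 FAIL user=bob src=203.0.113.5
2024-03-01T09:00:03 FAIL user=carol src=203.0.113.5
2024-03-01T09:00:04 FAIL user=dave src=203.0.113.5
2024-03-01T09:00:05 FAIL user=erin src=203.0.113.5
2024-03-01T09:00:06 OK user=erin src=203.0.113.5
2024-03-01T09:10:00 FAIL user=frank src=198.51.100.7
2024-03-01T09:10:30 FAIL user=frank src=198.51.100.7
2024-03-01T09:10:45 OK user=frank src=198.51.100.7
2024-03-01T10:00:00 FAIL user=admin src=192.0.2.9
2024-03-01T10:01:00 FAIL user=admin src=192.0.2.9
2024-03-01T10:02:00 FAIL user=admin src=192.0.2.9
2024-03-01T10:03:00 FAIL user=admin src=192.0.2.9
2024-03-01T10:04:00 FAIL user=admin src=192.0.2.9
2024-03-01T10:05:00 FAIL user=admin src=192.0.2.9
"""


def parse_line(line):
    """Parse one constructed log line into a dict."""
    ts, result, user_kv, src_kv = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "result": result,
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: alert} for sources with >= threshold failures in any window.

    The alert records the densest burst, whether it targeted one account or
    many ("spray"), and whether a successful login from the same source
    followed the burst within one window (a likely compromised credential).
    """
    by_src = defaultdict(list)
    for raw in log_text.splitlines():
        if raw.strip():
            ev = parse_line(raw)
            by_src[ev["src"]].append(ev)

    alerts = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        fails = [e for e in events if e["result"] == "FAIL"]
        best = None
        start = 0
        # Two-pointer sliding window over the sorted failure timestamps.
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best["failures"]):
                users = {e["user"] for e in fails[start:end + 1]}
                best = {
                    "failures": count,
                    "distinct_users": len(users),
                    "last_failure": fails[end]["ts"].isoformat(),
                }
        if best is None:
            continue
        burst_end = datetime.fromisoformat(best["last_failure"])
        best["pattern"] = "spray" if best["distinct_users"] > 1 else "single-account"
        best["success_after_burst"] = any(
            e["result"] == "OK" and burst_end <= e["ts"] <= burst_end + window
            for e in events
        )
        alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(src, alert)
```

The threshold and window are deliberately parameters: lockout-style rules that count only per-account failures miss the spraying pattern, which is why the detector groups by source first and only then looks at how many accounts were touched. The `success_after_burst` flag is the event worth paging on, since it means one of the guessed credentials worked.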
Invest in a dark web monitoring solution
Even if a user is diligent about using strong, unique passwords, their password can still be compromised. Data breach victims are typically the last ones to know that their passwords have been stolen. The median “dwell time,” which is the period between the initial breach and the time a company discovers it, is 11 days. Dwell times that greatly exceed this average are not uncommon.
For this reason, dark web monitoring services such as BreachWatch® are essential to preventing ransomware. These services scan dark web forums and notify organizations in real time if any of their employee passwords have been put up for sale, allowing IT administrators to force password resets right away.
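The password-hygiene checks from the previous section (reuse, weak passwords) and the breach-exposure check described here can both be demonstrated with one small audit routine. The following is an added example, not the article's code and not a description of how BreachWatch or any other product works internally: it uses the hash-prefix ("k-anonymity") lookup pattern, in which the client hashes the password, sends only the first five hex characters of the SHA-1 hash, and compares the returned suffixes locally, so the password itself never leaves the client. The breach corpus, the vault entries and the `lookup_range` "server" are all constructed and in-memory so the script runs offline.

```python
"""Audit a set of account passwords for reuse, weakness and breach exposure.

Added example (not from the original article, not any product's code). The
breach corpus is constructed; the k-anonymity lookup is simulated in-process.
"""
import hashlib
from collections import defaultdict


def sha1_hex(password):
    """Uppercase hex SHA-1, the hash form typically used by breached-password services."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed "breach corpus": leaked passwords with how often they appeared.
_LEAKED = {"password": 9_545_824, "Summer2023!": 1_204, "letmein": 452_000}

# Index the corpus the way a k-anonymity service would: by 5-char hash prefix,
# storing only the remaining 35 hex characters plus the count.
BREACH_INDEX = defaultdict(dict)
for _pw, _count in _LEAKED.items():
    _h = sha1_hex(_pw)
    BREACH_INDEX[_h[:5]][_h[5:]] = _count


def lookup_range(prefix):
    """Simulated server side: return every suffix sharing the 5-char prefix."""
    return dict(BREACH_INDEX.get(prefix, {}))


def breach_count(password):
    """Client side: only the 5-char prefix is sent; matching happens locally."""
    h = sha1_hex(password)
    return lookup_range(h[:5]).get(h[5:], 0)


def audit_vault(entries, min_length=16):
    """Return [(account, [issues...])] for entries that are breached, reused or short."""
    first_seen = {}
    findings = []
    for account, pw in entries:
        issues = []
        n = breach_count(pw)
        if n:
            issues.append(f"seen in breaches {n} times")
        if pw in first_seen:
            issues.append(f"reused from {first_seen[pw]}")
        else:
            first_seen[pw] = account
        if len(pw) < min_length:
            issues.append(f"shorter than {min_length} characters")
        if issues:
            findings.append((account, issues))
    return findings


# Constructed sample vault: one reused, breached, short password and one strong one.
SAMPLE_VAULT = [
    ("vpn.example.com", "Summer2023!"),
    ("mail.example.com", "Summer2023!"),
    ("crm.example.com", "c7#Vq9!pLw2zR4mTb8Y"),
]


if __name__ == "__main__":
    for account, issues in audit_vault(SAMPLE_VAULT):
        print(f"{account}: {'; '.join(issues)}")
```

The important design point is in `breach_count`: a prefix of five hex characters maps to many thousands of hashes, so the lookup reveals almost nothing about which password is being checked, while the comparison on the full suffix still gives an exact answer. A real deployment would replace `lookup_range` with a call to a breach-data service and run the audit on a schedule, forcing a reset for any account that comes back with a non-zero count.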
How Keeper Helps Organizations Prevent Ransomware Attacks
Keeper Security’s zero-knowledge password management and security platform provides organizations with complete visibility into employee password practices, enabling IT administrators to monitor password use across the entire organization and enforce the use of strong, unique passwords, Two-Factor Authentication (2FA), Role-Based Access Control (RBAC) and other security policies. Keeper also supports multiple compliance standards, including HIPAA, DPA, FINRA, NCUA and GDPR.
Each employee receives a private, encrypted digital vault that they can access from any device using a master password – the only password the employee will ever have to remember. Keeper’s password manager generates strong, unique passwords for every account and automatically fills in login fields on websites and apps. Employees no longer have any reason to reuse passwords or use weak passwords, and IT administrators have the visibility they need to ensure compliance.
IT administrators can fully customize employee permissions through fine-grained access controls based on their roles and responsibilities, as well as set up shared folders for individual departments, project teams or other groups.
For enhanced protection, organizations can deploy valuable add-ons such as Keeper Secure File Storage, which enables employees to securely store and share documents, images, videos, digital certificates and SSH keys, and BreachWatch, which scans dark web forums and notifies IT administrators if any employee passwords have been compromised in a public data breach.
Keeper takes only minutes to deploy, requires minimal ongoing management and scales to meet the needs of any size organization. Keeper’s business and enterprise password management solutions help thousands of companies all over the world prevent password-related cyber attacks, improve productivity and enforce compliance.